UK Companies Failing To Educate Their Non-Technical Staff In IT Security

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

A new study has revealed a worrying gap in the amount of security provisions many British companies provide for their non-technical staff.

Researchers from Intel Security found that cybercriminals are increasingly targeting members of staff such as receptionists and customer service as part of their efforts to infiltrate big businesses.

But in spite of this, more than one in ten UK companies fail to provide mandatory online security training to any of their staff – the highest proportion across Europe.

Under threat

The report found that many companies are failing to prepare their non-technical staff how to deal with security threats.

Speaking to IT decision makers from 300 European private enterprise organisations, the study found that over half (51 percent) of businesses are failing to provide sales staff with proper IT security training, which rises to 52 percent which fail to train their customer service team, and 60 percent who do not train their receptionists and front-of-house staff.

“With new threats being developed every minute of every day, IT teams within organisations need to rethink their approach to network security,” said Ashish Patel, regional director of network security UK&I Intel Security. “Relying on broad brush security strategies that aren’t updated in line with the newest threats will leave companies increasingly vulnerable to the growing capabilities of cyber criminals.

“It’s crucial that IT professionals take time to gain a real understanding of how the network attack landscape is evolving and which threats their company must prioritise defeating. Our research shows there is a real disconnect between the evolving network abuse and IT teams’ comprehension of the threat these methods pose to their organisation.”

Suspect

In terms of the type of threats encountered, browser-based attacks proved particularly popular, with over 83 million attacks being detected using an increasingly wide range of tactics.

This includes an 87 percent rise in the number of suspect URLs detected between 2013 and 2014, as hackers increasingly target company users clicking on dangerous links.

Network abuse, including DDoS attacks, also proved a pertinent threat, accounting for 45 percent of all network attacks. However, just 19 percent of UK IT professionals questioned believed that DDoS attacks posed the biggest threat to their company network.

“With suspect URLs in particular on the rise, companies cannot afford to overlook non-technical staff when it comes to security training – as these employees are often the most susceptible to online threats,” Patel added.

“Meanwhile the significant growth of network attacks relying on methods such as DDoS, ransomware, SSL attacks and advanced stealth techniques should urge IT departments and security professionals to assess their security strategies in line with these rising threats. Beyond simply deploying new security technology, IT professionals should assess how their existing systems communicate with each other to better secure their entire network.”